Microsoft

Asp.Net

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2025-36854

  • EPSS 0.11%
  • Veröffentlicht 08.09.2025 13:53:08
  • Zuletzt bearbeitet 08.09.2025 16:25:38

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Executi...

7

CVE-2025-7326

  • EPSS 0.19%
  • Veröffentlicht 08.07.2025 14:31:45
  • Zuletzt bearbeitet 22.07.2025 16:15:34

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor...

7

CVE-2025-24070

Exploit
  • EPSS 0.14%
  • Veröffentlicht 11.03.2025 16:58:54
  • Zuletzt bearbeitet 02.07.2025 14:25:46

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

4.3

CVE-2010-2084

  • EPSS 6.4%
  • Veröffentlicht 27.05.2010 19:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

4.3

CVE-2010-2088

Exploit
  • EPSS 11.94%
  • Veröffentlicht 27.05.2010 19:00:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

7.8

CVE-2006-1364

Exploit
  • EPSS 31.3%
  • Veröffentlicht 23.03.2006 11:06:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly reque...

5

CVE-2005-2224

Exploit
  • EPSS 9.5%
  • Veröffentlicht 12.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

6.4

CVE-2005-1664

  • EPSS 22.03%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, ...

5

CVE-2005-1665

  • EPSS 34.53%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.

4.3

CVE-2005-0452

  • EPSS 26.61%
  • Veröffentlicht 16.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal A...